Aurora, Surfsidekick, and Everything Else [CLOSED]


  • This topic is locked

#1
Elemek

    New Member

  • Member
  • 6 posts
This computer has acquired a massive amount of spy/ad/mal/whoknowswhatelse/ware; so much so that popups are continuous; the computer even tries to pop up pop-ups while signed off. We're stuck on dial-up, so the drain on bandwidth is quite painful. The particular popups include surfsidekick, an ISP number 69.28.210.175/media/1 (this one's particularly bad; closing it usually causes Explorer to crash), WinFixer, and others. Ads kept crashing, which was bad, because it made it very hard to download Adaware and Spybot; I eventually succeeded, but such remedies did not cleanse this computer. Here's the Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 5:50:09 PM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\WINDOWS\System32\obpabj.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Loriann\My Documents\Downloads\Compressed\hijackthis\HijackThis.exe
C:\WINDOWS\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [9EfsmDQ] C:\WINDOWS\pfikj.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\obpabj.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123617048328
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1CFB509-517D-4E81-94B7-B411E3605829}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thanks for any help.

#2
therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post the report ewido made and a new HijackThis log here in a reply.

#3
Elemek

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's the new Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 10:13:58 AM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\WINDOWS\System32\obpabj.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Debi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [9EfsmDQ] C:\WINDOWS\pfikj.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\obpabj.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123617048328
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1CFB509-517D-4E81-94B7-B411E3605829}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

And here's the log from Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:01:38 AM, 8/11/2005
+ Report-Checksum: A513C0FD

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
[612] C:\WINDOWS\System32\baeoa.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
[864] C:\WINDOWS\System32\obpabj.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
[1060] C:\WINDOWS\System32\lhkjhda.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\125786.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@install.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\owner@www.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ckze06734\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\FQ.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.fm : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\debi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\debi@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@install.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Debi\Cookies\owner@www.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Application Data\Wildtangent\Cdacache\00\00\13.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\!update.exe -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\524596_3176_3544_3604_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del100.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del10B.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del11B.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del1D9.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del1ED.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del1F5.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\Del224.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\DelE9.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\DelF8.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temp\DelFA.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Debi\Local Settings\Temporary Internet Files\Content.IE5\8TZ7VNAX\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Debi\web2_212.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@install.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@www.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\ckze06734\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\FQ.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.fm : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DUN4DMV\0006_adult[1].cab/istactivex.dll -> TrojanDownloader.IstBar.gu : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DUN4DMV\0006_adult[2].cab/istactivex.dll -> TrojanDownloader.IstBar.gu : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Loriann\Application Data\Mozilla\Firefox\Profiles\j28xmo69.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Loriann\Cookies\loriann@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Loriann\Cookies\loriann@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Loriann\Cookies\loriann@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Loriann\Cookies\loriann@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup


::Report End



Thanks for any help

#4
therock247uk

  • Expert
  • 14,671 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

3. While in Safe Mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis, with all windows closed except HijackThis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O4 - HKLM\..\Run: [9EfsmDQ] C:\WINDOWS\pfikj.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\obpabj.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

4. Delete the folders. (if present)

C:\Program Files\SurfSideKick 3

5. Delete the files. (if present)

C:\WINDOWS\pfikj.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\system32\m190309.EXE
C:\WINDOWS\System32\obpabj.exe

These files might be found in either C:\, C:\Windows or C:\Windows\System32; if found, delete them.

AUNPS2.DLL
E6F1873B.DLL

6. Reboot and post a new Hijackthis log here in a reply.
  • 0
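A cross-check of the removal list above, as an added example that is not part of the original post: it parses the O4 autorun entries from step 3, extracts the file each one launches (including files loaded through rundll32), and confirms that every target is named in the delete lists of steps 4 and 5. The function names and regular expressions are assumptions made for this sketch; the entries and paths are copied from the post.

```python
import re

# O4 (autorun) entries copied from step 3 of the post.
FIX_LIST = r"""
O4 - HKLM\..\Run: [9EfsmDQ] C:\WINDOWS\pfikj.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\obpabj.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""
# Delete lists copied from steps 4 and 5 of the post.
DELETE_FOLDERS = [r"C:\Program Files\SurfSideKick 3"]
DELETE_FILES = [r"C:\WINDOWS\pfikj.exe", r"C:\WINDOWS\cfgmgr52.dll",
                r"C:\WINDOWS\System32\exp.exe", r"C:\WINDOWS\System32\wintask.exe",
                r"C:\WINDOWS\system32\m190309.EXE", r"C:\WINDOWS\System32\obpabj.exe"]
BARE_NAMES = ["AUNPS2.DLL", "E6F1873B.DLL"]  # location not given in the post

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.I)
TARGET_RE = re.compile(r"^(.+?\.(?:exe|dll))(?=[\s,]|$)", re.I)

def autorun_target(line):
    """Return the file an O4 entry launches, or None if the line is not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    command = RUNDLL_RE.sub("", m.group(4))   # rundll32 loads the DLL that follows
    t = TARGET_RE.match(command)              # drops arguments and DLL entry points
    return t.group(1) if t else command

def is_covered(target):
    """Windows paths are case-insensitive, so compare in lower case."""
    t = target.lower()
    if "\\" not in t:                          # bare name, searched for by hand
        return t in {n.lower() for n in BARE_NAMES}
    if t in {f.lower() for f in DELETE_FILES}:
        return True
    return any(t.startswith(d.lower() + "\\") for d in DELETE_FOLDERS)

def uncovered(fix_list=FIX_LIST):
    """Autorun targets that no delete step would remove."""
    targets = [autorun_target(l) for l in fix_list.splitlines()]
    return sorted({t for t in targets if t and not is_covered(t)})

if __name__ == "__main__":
    print(uncovered() or "every autorun target is covered by steps 4 and 5")
```

An entry left in the output would be one whose registry value gets fixed while the file it points to stays on disk.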

#5
therock247uk

  • Expert
  • 14,671 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.